Pop Up when the System Starts - Suspecting Win32: Trojan-gen{Other}

Ronni84
New Member




Date Joined Oct 2008
Total Posts : 5
 
Posted 10-6-2008 4:28 (GMT +1)
Hi,

When I start my system, I get a pop-up like:

"Error Loading C:\Users\Ranit\AppData\Local\Temp\opnkhfEt.dll

The Specified Module could not be found"

When it came up for the first time, I went and scanned the "C:\Users\Ranit\AppData" folder. I got a virus alert for a .dll file which I was not able to delete because it prompted that it is being used elsewhere, and it kept on doing that in a loop, so I force-restarted the system, and from then on I am getting only the pop-ups every time I start my system (screenshots attached). I am using Avast, and both the Avast virus database and Windows Firewall are up to date.

I went through the other posts about this "Win32: Trojan-gen{Other}" virus. I am attaching my ewido and HijackThis logs here. Please tell me how to proceed. Thanks a lot in advance.
 
 
Ewido Logs:
 
---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------
 + Created on:   5:49:45 AM, 10/6/2008
 + Report-Checksum:  187FBC20
 + Scan result:
 HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7f3aad1e -> Spyware.NavExcel : Cleaned with backup
 HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7f3aad1e\47609cba -> Spyware.NavExcel : Cleaned with backup
 HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7f3aad1e\47609cba\4f -> Spyware.NavExcel : Cleaned with backup
 HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7f3aad1e\47609cba\4f\InvertDependencies -> Spyware.NavExcel : Cleaned with backup
 HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7f3aad1e\729e9ec0 -> Spyware.NavExcel : Cleaned with backup
 HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7f3aad1e\729e9ec0\10 -> Spyware.NavExcel : Cleaned with backup
 HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7f3aad1e\729e9ec0\10\InvertDependencies -> Spyware.NavExcel : Cleaned with backup

::Report End
 
 
HijackThis Log:
 
 
Logfile of HijackThis v1.99.1
Scan saved at 5:56:03 AM, on 10/6/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\sttray.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\system32\taskeng.exe
C:\Users\Ranit\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Ranit\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ranit\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\Ranit\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ranit\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Ranit\AppData\Local\Temp\wvurqQiJ.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Ranit\AppData\Local\Temp\opnkhfEt.dll,#1
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - Global Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Users\Ranit\Desktop\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 


Image Attachment: PopUp_Screenshot.jpg (187KB)
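The two `O4 - HKCU\..\Run` lines in the log above are the source of the start-up error: the antivirus removed the DLLs from `%Temp%`, but the Run values that tell `rundll32.exe` to load them stayed behind, so Windows reports "the specified module could not be found" at every logon. As an added example (not part of this thread or of HijackThis), the script below triages a HijackThis log for exactly that pattern and for `O23` services whose binary is reported missing. The sample lines are copied from the first log in this thread; the regexes and severity labels are the example's own.

```python
"""Triage helper for HijackThis-style logs: flag Run entries that launch a
DLL from a user's Temp folder via rundll32, and services whose binary is
reported missing.  Added example, not part of the thread or of HijackThis."""
import re

# Constructed sample: a few O4/O23 lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ranit\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Ranit\AppData\Local\Temp\wvurqQiJ.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Ranit\AppData\Local\Temp\opnkhfEt.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# O4 entries: registry key, value name in brackets, then the command line.
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# rundll32 loading a DLL whose path sits under a per-user ...\AppData\Local\Temp.
TEMP_DLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[A-Za-z]:\\[^,"]*?\\AppData\\Local\\Temp\\[^,"]+\.dll)',
    re.IGNORECASE,
)

# O23 entries: display name - owner - path; HijackThis appends "(file missing)".
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def triage(log_text):
    """Return (severity, kind, name, detail) findings for one HijackThis log.

    severity: 'high' for a Temp-directory DLL in a Run key, 'info' for a
    service whose executable HijackThis could not find on disk.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hit = TEMP_DLL_RE.search(m.group("cmd"))
            if hit:
                # A DLL in %Temp% registered to run at logon through rundll32 is
                # the pattern behind the pop-up: once the AV deletes the DLL the
                # Run value still fires and rundll32 reports the module missing.
                findings.append(("high", "O4", m.group("name"), hit.group("dll")))
            continue
        m = O23_RE.match(line)
        if m and m.group("path").lower().endswith("(file missing)"):
            # A service with no binary is either a half-removed install (as with
            # the avast! scanners in this log) or the remains of a cleaned implant;
            # either way it deserves a look rather than being ignored.
            findings.append(("info", "O23", m.group("name"), m.group("owner")))
    return findings


def run_values_to_review(log_text):
    """Names of Run values to remove once the DLL is confirmed gone from disk."""
    return [name for sev, kind, name, _ in triage(log_text) if kind == "O4"]


if __name__ == "__main__":
    for sev, kind, name, detail in triage(SAMPLE_LOG):
        print(f"[{sev:4}] {kind} {name}: {detail}")
```

The `(User 'LOCAL SERVICE')` Sidebar and Welcome Center lines are deliberately not flagged: they use `rundll32` too, but load a system DLL by bare name rather than a file under a user's Temp folder.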
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 10-6-2008 5:31 (GMT +1)
Hello

and save it on the desktop. Then double-click on it (Fix_download.exe).
You may have to allow the program to download files from the web!

The program downloads the necessary cleaning programs. Once the program
is downloaded, there will be a folder on your desktop named
Fix. If the instructions do not open automatically,
double-click "FIX_manual.htm" in the Fix folder.

Please follow the instructions and copy the logs here,
in this Topic:

NB. Fix_download.exe is NOT a virus

Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

Ronni84
New Member




Date Joined Oct 2008
Total Posts : 5
 
Posted 10-6-2008 6:26 (GMT +1)
Hi Touch,

When I'm trying to download the Fix_Download.exe from the link, it shows up on Avast as a Trojan, and it is not allowing me to download. What to do?
 
 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 10-6-2008 6:40 (GMT +1)
Shut down/deactivate Avast while downloading.

Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

Ronni84
New Member




Date Joined Oct 2008
Total Posts : 5
 
Posted 10-6-2008 9:38 (GMT +1)
Thanks a ton, mate. The pop-ups are gone; everything seems good to me.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 10-7-2008 6:21 (GMT +1)
Great.

If you want me to check, post a ComboFix log along with a HijackThis log.

Otherwise ->

Please read this article by Tony Klein: How I got Infected in the First Place

Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

Ronni84
New Member




Date Joined Oct 2008
Total Posts : 5
 
Posted 10-12-2008 8:06 (GMT +1)
Hi Touch,

I am attaching my HijackThis and ComboFix logs here for your reference.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:59 PM, on 10/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\sttray.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Users\Ranit\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\Ranit\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Ranit\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Ranit\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ranit\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ranit\Desktop\FIX\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\Ranit\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ranit\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Ranit\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7055 bytes



ComboFix 08-10-11.02 - Ranit 2008-10-12 12:29:11.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1121 [GMT 5.5:30]
Running from: C:\Users\Ranit\Desktop\FIX\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.

2008-10-06 11:32 . 2008-10-06 11:32 <DIR> d-------- C:\Users\Ranit\AppData\Roaming\Malwarebytes
2008-10-06 11:32 . 2008-10-06 11:32 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-06 11:32 . 2008-10-06 11:32 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-06 10:01 . 2008-10-06 10:01 <DIR> d-------- C:\Users\All Users\Viewpoint
2008-10-06 10:01 . 2008-10-06 10:03 <DIR> d-------- C:\Users\All Users\AOL OCP
2008-10-06 10:01 . 2008-10-06 10:01 <DIR> d-------- C:\Users\All Users\AOL
2008-10-06 10:01 . 2008-10-06 10:01 <DIR> d-------- C:\ProgramData\Viewpoint
2008-10-06 10:01 . 2008-10-06 10:03 <DIR> d-------- C:\ProgramData\AOL OCP
2008-10-06 10:01 . 2008-10-06 10:01 <DIR> d-------- C:\ProgramData\AOL
2008-10-06 10:01 . 2008-10-06 10:02 <DIR> d-------- C:\Program Files\Viewpoint
2008-10-06 10:01 . 2008-10-06 14:55 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-10-06 10:01 . 2008-10-06 10:02 366 --ah----- C:\IPH.PH
2008-10-06 05:03 . 2008-10-06 14:39 <DIR> d-------- C:\Program Files\Yahoo!
2008-10-05 23:26 . 2008-10-05 23:26 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-09-22 00:01 . 2008-09-22 00:01 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-22 00:00 . 2008-09-22 00:00 <DIR> d-------- C:\Windows\PCHEALTH
2008-09-22 00:00 . 2008-09-22 00:00 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-21 23:57 . 2008-09-21 23:57 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-21 23:55 . 2008-09-22 00:00 <DIR> d-------- C:\Windows\SHELLNEW
2008-09-21 23:55 . 2008-09-26 00:04 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-09-21 23:55 . 2008-09-26 00:04 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-09-21 23:54 . 2008-09-21 23:54 <DIR> dr-h----- C:\MSOCache
2008-09-17 23:53 . 2008-09-17 23:53 <DIR> d-------- C:\Users\All Users\eSellerate
2008-09-17 23:53 . 2008-09-17 23:53 <DIR> d-------- C:\ProgramData\eSellerate
2008-09-17 23:53 . 2008-09-17 23:54 132 --ah----- C:\Users\Ranit\AppData\Roaming\lakerda1967.sys
2008-09-17 23:52 . 2008-09-17 23:55 <DIR> d-------- C:\Program Files\docXConverter3
2008-09-17 23:43 . 2008-09-17 23:43 376 --a------ C:\Windows\ODBC.INI
2008-09-12 14:10 . 2008-09-12 14:10 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-12 00:39 . 2008-09-12 00:58 <DIR> d-------- C:\Users\Ranit\AppData\Roaming\Roxio
2008-09-12 00:30 . 2008-09-12 00:38 <DIR> d-------- C:\Windows\System32\DLA
2008-09-12 00:30 . 2006-07-21 11:21 99,176 --a------ C:\Windows\System32\drivers\DRVMCDB.SYS
2008-09-12 00:30 . 2006-10-26 16:21 92,920 --a------ C:\Windows\DLA.EXE
2008-09-12 00:30 . 2006-10-26 16:21 56,056 --a------ C:\Windows\System32\DLAAPI_W.DLL
2008-09-12 00:30 . 2007-02-09 12:34 51,768 --a------ C:\Windows\System32\drivers\DRVNDDM.SYS
2008-09-12 00:30 . 2007-02-08 20:05 28,120 --a------ C:\Windows\System32\drivers\DLARTL_M.SYS
2008-09-12 00:30 . 2007-02-08 20:05 12,856 --a------ C:\Windows\System32\drivers\DLACDBHM.SYS
2008-09-12 00:30 . 2008-09-12 00:30 120 --a------ C:\Windows\wininit.ini
2008-09-12 00:27 . 2008-09-17 23:35 <DIR> d-------- C:\Users\All Users\Roxio
2008-09-12 00:27 . 2008-09-17 23:35 <DIR> d-------- C:\ProgramData\Roxio
2008-09-12 00:26 . 2008-09-12 00:26 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-09-12 00:26 . 2008-09-12 00:26 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-09-12 00:26 . 2008-09-12 00:26 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-09-12 00:26 . 2008-09-12 00:26 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-09-12 00:26 . 2008-09-12 00:26 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-09-12 00:26 . 2008-09-12 00:26 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-09-12 00:26 . 2008-09-12 00:26 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-09-12 00:26 . 2008-09-12 00:26 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-09-12 00:26 . 2008-09-12 00:26 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-09-12 00:25 . 2008-09-12 00:25 <DIR> d-------- C:\Users\All Users\Sonic
2008-09-12 00:25 . 2008-09-12 00:25 <DIR> d-------- C:\ProgramData\Sonic
2008-09-12 00:24 . 2008-09-12 00:27 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-09-12 00:23 . 2008-09-12 00:23 <DIR> d-------- C:\Users\All Users\InstallShield
2008-09-12 00:23 . 2008-09-12 00:23 <DIR> d-------- C:\ProgramData\InstallShield
2008-09-12 00:23 . 2008-09-12 00:30 <DIR> d-------- C:\Program Files\Roxio
2008-09-12 00:23 . 2008-09-12 00:24 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 07:01 --------- d-----w C:\Users\Ranit\AppData\Roaming\DNA
2008-10-11 22:16 --------- d-----w C:\Users\Ranit\AppData\Roaming\BitTorrent
2008-10-11 05:38 --------- d-----w C:\Program Files\BitTorrent
2008-10-01 09:37 --------- d-----w C:\Users\Ranit\AppData\Roaming\dvdcss
2008-09-28 20:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 18:31 --------- d-----w C:\Program Files\MSBuild
2008-09-11 18:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-08 05:35 --------- d-----w C:\Program Files\EA GAMES
2008-09-06 07:19 --------- d-----w C:\Program Files\Google
2008-08-31 16:25 --------- d-----w C:\ProgramData\SupportSoft
2008-08-31 16:25 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-08-31 16:25 --------- d-----w C:\Program Files\Airtel
2008-08-31 10:21 92,064 ----a-w C:\Users\Ranit\mqdmmdm.sys
2008-08-31 10:21 9,232 ----a-w C:\Users\Ranit\mqdmmdfl.sys
2008-08-31 10:21 79,328 ----a-w C:\Users\Ranit\mqdmserd.sys
2008-08-31 10:21 66,656 ----a-w C:\Users\Ranit\mqdmbus.sys
2008-08-31 10:21 6,208 ----a-w C:\Users\Ranit\mqdmcmnt.sys
2008-08-31 10:21 5,936 ----a-w C:\Users\Ranit\mqdmwhnt.sys
2008-08-31 10:21 4,048 ----a-w C:\Users\Ranit\mqdmcr.sys
2008-08-31 10:21 25,600 ----a-w C:\Users\Ranit\usbsermptxp.sys
2008-08-31 10:21 22,768 ----a-w C:\Users\Ranit\usbsermpt.sys
2008-08-31 09:49 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-31 02:21 --------- d-----w C:\Users\Ranit\AppData\Roaming\Creative
2008-08-30 07:43 --------- d-----w C:\ProgramData\Creative
2008-08-30 07:29 --------- d--h--w C:\Program Files\Creative Installation Information
2008-08-30 07:28 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2008-08-30 07:28 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2008-08-30 07:28 --------- d-----w C:\Program Files\Creative
2008-08-30 07:28 --------- d-----w C:\Program Files\Common Files\Creative
2008-08-30 07:19 --------- d-----w C:\Program Files\SigmaTel
2008-08-30 07:00 --------- d-----w C:\ProgramData\Creative Labs
2008-08-30 06:59 --------- d-----w C:\Program Files\Common Files\Creative Labs Shared
2008-08-30 06:30 --------- d-----w C:\Program Files\Common Files\Reallusion
2008-08-30 06:29 --------- d-----w C:\Users\Ranit\AppData\Roaming\InstallShield
2008-08-30 06:29 --------- d-----w C:\Program Files\Creative Live! Cam
2008-08-30 06:28 --------- d-----w C:\Program Files\Dell
2008-08-29 07:14 174 --sha-w C:\Program Files\desktop.ini
2008-08-29 07:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-29 07:07 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-29 07:07 --------- d-----w C:\Program Files\Windows Mail
2008-08-29 07:07 --------- d-----w C:\Program Files\Windows Defender
2008-08-29 07:07 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-29 07:07 --------- d-----w C:\Program Files\Windows Calendar
2008-08-29 06:57 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-29 06:57 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-08-26 01:19 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-26 01:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-26 01:16 --------- d-----w C:\Program Files\DNA
2008-08-25 12:06 269,312 ----a-w C:\Windows\System32\es.dll
2008-08-22 17:58 --------- d-----w C:\Users\Ranit\AppData\Roaming\vlc
2008-08-22 17:34 --------- d-----w C:\Program Files\VideoLAN
2008-08-22 11:59 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-08-22 11:59 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-08-22 11:59 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-08-22 11:59 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-08-22 11:51 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-08-22 11:43 9,847,296 ----a-w C:\Windows\System32\NlsData000a.dll
2008-08-22 11:43 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-08-22 11:43 6,917,120 ----a-w C:\Windows\System32\NlsLexicons0c1a.dll
2008-08-22 11:43 4,495,360 ----a-w C:\Windows\System32\NlsData0816.dll
2008-08-22 11:43 4,495,360 ----a-w C:\Windows\System32\NlsData0416.dll
2008-08-22 11:43 4,495,360 ----a-w C:\Windows\System32\NlsData0414.dll
2008-08-22 11:43 4,495,360 ----a-w C:\Windows\System32\NlsData001d.dll
2008-08-22 11:43 2,643,456 ----a-w C:\Windows\System32\NlsData000c.dll
2008-08-22 11:43 2,342,912 ----a-w C:\Windows\System32\NlsData000d.dll
2008-08-22 11:43 1,965,056 ----a-w C:\Windows\System32\NlsData0c1a.dll
2008-08-22 11:43 1,965,056 ----a-w C:\Windows\System32\NlsData081a.dll
2008-08-22 11:43 1,965,056 ----a-w C:\Windows\System32\NlsData000f.dll
2008-08-22 11:42 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-08-22 11:41 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-08-22 11:41 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-08-22 11:41 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2008-08-22 11:41 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-08-22 11:40 988,216 ----a-w C:\Windows\System32\winload.exe
2008-08-22 11:40 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-08-22 11:40 615,992 ----a-w C:\Windows\System32\ci.dll
2008-08-22 11:40 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-08-22 11:40 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-08-22 11:40 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-08-22 11:40 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-08-22 11:40 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-08-22 11:40 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-08-22 11:40 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-08-22 11:38 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-08-22 11:37 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-08-22 11:36 541,696 ------w C:\Windows\AppPatch\AcLayers.dll
2008-08-22 11:36 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-08-22 11:35 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-08-22 11:35 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-08-22 11:34 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-08-22 11:33 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-08-22 11:33 738,304 ----a-w C:\Windows\System32\inetcomm.dll
2008-08-22 11:32 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-08-22 10:54 --------- d-----w C:\Program Files\Alwil Software
2008-08-22 10:10 --------- d-----w C:\Program Files\WIDCOMM
2008-08-22 10:07 --------- d-----w C:\Program Files\Broadcom
2008-08-22 10:01 --------- d-----w C:\Program Files\CONEXANT
2008-08-22 09:55 --------- d-----w C:\Program Files\Intel
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-08_11.08.26.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-08 05:03:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-12 06:50:57 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-08 05:03:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-12 06:50:57 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-08 05:31:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-12 06:51:56 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-10-08 05:05:18 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-12 06:52:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-10-08 05:03:34 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-12 06:51:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-08 05:03:34 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-12 06:51:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-08 05:03:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-12 06:51:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-08 05:33:54 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-12 06:58:53 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-10-04 02:28:15 101,350 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-11 12:10:45 101,350 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-04 02:28:15 595,684 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-11 12:10:45 595,684 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-08 05:05:32 6,556 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3253410391-792962926-4130258694-1000_UserData.bin
+ 2008-10-12 06:52:53 6,768 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3253410391-792962926-4130258694-1000_UserData.bin
- 2008-10-08 05:05:32 54,426 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-12 06:52:53 54,544 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-08 05:05:31 34,646 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-12 06:52:51 34,948 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Users\Ranit\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"Google Update"="C:\Users\Ranit\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]
"BitTorrent DNA"="C:\Users\Ranit\Program Files\DNA\btdna.exe" [2008-10-11 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-09 36864]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-14 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-14 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-14 133912]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 90112]
"nxpclient"="C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe" [2007-12-06 202016]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 C:\Windows\sttray.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-04 703280]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-08-22 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7D1B078C-E584-4A6C-9B45-EE3E7050C20A}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{694B0A5B-D499-43B7-9472-2F16E3D97804}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{48CE21C5-C53F-44DC-B809-73D7CC60B67E}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{30E66F27-18AE-4613-9517-E49365B840A5}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{7EC34E5B-60E3-4AFE-BEFE-B8FF5564DBF5}C:\\users\\ranit\\program files\\dna\\btdna.exe"= UDP:C:\users\ranit\program files\dna\btdna.exe:btdna.exe
"UDP Query User{ED33778E-8EDF-43E5-A53B-645577375A8F}C:\\users\\ranit\\program files\\dna\\btdna.exe"= TCP:C:\users\ranit\program files\dna\btdna.exe:btdna.exe
"{BCC01642-164B-4EDB-9FE0-3D81C5B2D86C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{7BE575F0-1304-4510-A997-41AFA1459B2E}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{5CE3AA99-F87C-434A-8772-98A18E1A941E}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"{4BC6D7C4-A594-4EBB-8E0C-788AFCBBA75D}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C23AB58E-1A58-4D21-A0D5-D42E651323B4}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2B6DD839-9A42-4762-B3AA-448FEDE0861A}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{812E66E4-1B33-4E2F-845E-E989694F6D88}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{8610463B-EBD4-4293-8143-5A004F605318}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{A74EE9DF-A0B8-4B20-AC64-74280E790EFA}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{8A735B72-5486-4614-B33F-1271D3E8B9F1}C:\\users\\ranit\\program files\\dna\\btdna.exe"= UDP:C:\users\ranit\program files\dna\btdna.exe:btdna.exe
"UDP Query User{765EF962-8106-44D1-A89C-560AC3C7197C}C:\\users\\ranit\\program files\\dna\\btdna.exe"= TCP:C:\users\ranit\program files\dna\btdna.exe:btdna.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe [2007-12-06 202800]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-06 7424]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2008-10-10 C:\Windows\Tasks\GoogleUpdateTaskUser.job
- C:\Users\Ranit\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 11:12]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.in/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
C:\Windows\Downloaded Program Files\ewidoOnlineScan.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 12:31:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-12 12:32:28
ComboFix-quarantined-files.txt 2008-10-12 07:02:24
ComboFix2.txt 2008-10-08 05:39:17

Pre-Run: 14,408,970,240 bytes free
Post-Run: 14,267,187,200 bytes free

288 --- E O F --- 2008-10-11 03:55:41




Regards,

Ronni84
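The ComboFix log above ends with the machine's registry load points (the Run keys, the Startup folder and the scheduled tasks), which is exactly where the first post's "Error Loading ...\AppData\Local\Temp\....dll / The specified module could not be found" message comes from: Windows still executes a load point whose target the antivirus has already removed. A quick triage of such a block, as an added example that is not part of the original post and not ComboFix's own code: parse the REGEDIT4-style Run-key listing and flag entries that run from user-writable locations (Temp, AppData, or a per-user "Program Files" such as the btdna.exe entry in the log) or that load a DLL through rundll32. The sample text is constructed for the example; the "Temp DLL" entry and its example.dll name are hypothetical, modelled on the pop-up message, not lines taken from the log. A hit means "look at this", not "malware": googletalk.exe legitimately lives in AppData, and the moderator's verdict on the full log was that it was clean.

```python
import re

# Constructed sample in the REGEDIT4-style "Reg Loading Points" format that ComboFix uses.
# Five entries mirror lines from the posted log; the "Temp DLL" entry is a hypothetical
# orphaned load point (file name invented) of the kind that makes Windows show
# "Error Loading <dll> / The specified module could not be found" at logon.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Users\Ranit\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"BitTorrent DNA"="C:\Users\Ranit\Program Files\DNA\btdna.exe" [2008-10-11 289088]
"Temp DLL"="rundll32.exe C:\Users\Ranit\AppData\Local\Temp\example.dll,Start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-14 138008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"""

KEY_RE = re.compile(r'^\[(?P<hive>HK[^\]]+)\]$')
# "name"="command" followed by ComboFix's optional [date size] annotation
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>.*?)"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$')


def parse_run_entries(text):
    """Return one dict per value under each [HK...] key in a ComboFix Run-key listing."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('hive')
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append({'key': key, 'name': m.group('name'),
                            'cmd': m.group('cmd'), 'meta': m.group('meta')})
    return entries


def extract_image_path(cmd):
    """Pick the file that actually gets loaded out of a Run-key command string:
    the DLL for rundll32 commands, otherwise the executable (quoted or unquoted)."""
    c = cmd.strip()
    if c.lower().startswith('rundll32'):
        parts = c.split(None, 1)          # rundll32.exe <dll>[,<entrypoint>]
        target = parts[1] if len(parts) > 1 else ''
        return target.split(',', 1)[0].strip().strip('"')
    if c.startswith('"'):
        return c[1:].split('"', 1)[0]
    # Unquoted command: arguments, if any, start at the first " -" or " /" switch.
    return re.split(r'\s+(?=[-/])', c, maxsplit=1)[0]


def triage(entries):
    """Return the entries worth a closer look, each with the reasons it was flagged.
    Heuristics only: a hit means 'check this', not 'malware'."""
    flagged = []
    for e in entries:
        path = extract_image_path(e['cmd'])
        low = path.lower().replace('/', '\\')
        reasons = []
        if e['cmd'].lower().lstrip().startswith('rundll32'):
            reasons.append('loads a DLL via rundll32')
        if '\\temp\\' in low:
            reasons.append('runs from a Temp directory')
        elif '\\appdata\\' in low:
            reasons.append('runs from AppData')
        elif low.startswith('c:\\users\\'):
            reasons.append('runs from inside a user profile (not Program Files)')
        if e['meta'] is None:
            reasons.append('no [date size] annotation; confirm the file still exists')
        if reasons:
            flagged.append({'key': e['key'], 'name': e['name'],
                            'path': path, 'reasons': reasons})
    return flagged


if __name__ == '__main__':
    for f in triage(parse_run_entries(SAMPLE_LOG)):
        print(f"{f['key']}\\{f['name']}: {f['path']}")
        for r in f['reasons']:
            print('   -', r)
```

On the constructed sample this flags three of the six entries: the rundll32 line on all three counts, btdna.exe for living under the user profile, and googletalk.exe for AppData. The same checks apply to the Startup-folder and scheduled-task lines of a ComboFix log once their paths are extracted.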

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 13812
Posted 10-12-2008 8:34 (GMT +1)
Looks clean. How are things running now?


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

Ronni84
New Member
Date Joined Oct 2008
Total Posts : 5
Posted 10-12-2008 8:57 (GMT +1)
Things are running smoothly, mate.

Thanks a lot... yeah

Ronni84
Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 13812
Posted 10-12-2008 9:11 (GMT +1)
Sounds good.
 
 
Since this issue appears resolved ... this Topic is closed.
If you would like it to be reopened please contact Me.
 
Thank you !



Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
